Ubuntu
clamav package

Change logs for clamav source package in Eoan

  1. Eoan (19.10)
  2. Change log 
  • clamav (0.102.3+dfsg-0ubuntu0.19.10.1) eoan-security; urgency=medium

  * Updated to 0.102.2 to fix security issues
    - debian/libclamav9.symbols: updated for new version.
    - debian/rules: bumped CL_FLEVEL to 114.
    - CVE-2020-3327
    - CVE-2020-3341

 -- Marc Deslauriers <email address hidden>  Tue, 19 May 2020 14:24:37 -0400
  • clamav (0.102.2+dfsg-0ubuntu0.19.10.1) eoan-security; urgency=medium

  * Updated to 0.102.2 to fix security issue (CVE-2020-3123)
    - debian/patches/*: synced patches with 0.102.2+dfsg-1.
    - debian/libclamav9.symbols: updated for new version.
    - debian/rules: bumped CL_FLEVEL to 113.

 -- Marc Deslauriers <email address hidden>  Tue, 11 Feb 2020 08:45:45 -0500
  • clamav (0.102.1+dfsg-0ubuntu0.19.10.3) eoan; urgency=medium

  * d/clamav-daemon.config.in: Correct error from ScanOnAccess option
    removal so that setting LogFile options via DebConf works again
    (Closes: #950296) (LP: #1860217)

 -- Eric Desrochers <email address hidden>  Thu, 06 Feb 2020 20:29:28 +0000
  • clamav (0.102.1+dfsg-0ubuntu0.19.10.2) eoan-security; urgency=medium

  * Updated to 0.102.1 to fix security issue (CVE-2019-15961)
    - debian/patches/*: synced patches with 0.102.1+dfsg-1ubuntu1.
    - debian/clamav-daemon.*.in,clamav-freshclam.*.in,
      clamav-daemon.templates: added new configuration options, dropped
      ClamOnAccess.
    - debian/clamav-deamon.install: install new clamonacc binary.
    - debian/clamav-docs.*: removed missing docs.
    - debian/libclamav9.install: added libfreshclam.so.2.
    - debian/libclamav9.symbols: updated for new version.
    - debian/rules: bumped CL_FLEVEL to 112.

 -- Marc Deslauriers <email address hidden>  Tue, 07 Jan 2020 11:07:32 -0500
  • clamav (0.101.4+dfsg-1ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - clamav-daemon may fail to start due to options removed in new version
      and manually edited configuration file. (LP #1783632)
      + debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
        add patch from Debian stretch to simply warn about removed options.

clamav (0.101.4+dfsg-1) unstable; urgency=medium

  * Import 0.101.4
   - CVE-2019-12625 (Add scan time limit to limit the processing zip-bombs)
     (Closes:934359)
   - CVE-2019-12900 (An out of bounds write was possible within ClamAV's
     NSIS bzip)
   - update symbols file (bump to 101.4 and drop unused cli_strnstr).

 -- Gianfranco Costamagna <email address hidden>  Sun, 25 Aug 2019 23:25:27 +0200
  • clamav (0.101.2+dfsg-3ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - clamav-daemon may fail to start due to options removed in new version
      and manually edited configuration file. (LP #1783632)
      + debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
        add patch from Debian stretch to simply warn about removed options.

clamav (0.101.2+dfsg-3) unstable; urgency=medium

  * Cherry-pick a fix from 0.101.3 to address a vulnerability to
    non-recursive zip bombs.

 -- Gianfranco Costamagna <email address hidden>  Wed, 07 Aug 2019 08:54:47 +0200
  • clamav (0.101.2+dfsg-2ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - clamav-daemon may fail to start due to options removed in new version
      and manually edited configuration file. (LP #1783632)
      + debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
        add patch from Debian stretch to simply warn about removed options.

clamav (0.101.2+dfsg-2) unstable; urgency=medium

  * Remove python from build-depends:
    - Only needed for llvm, which is currently (and probably permanently)
      disabled
    - Support python2 removal, if this comes back, it will need to be python3

 -- Gianfranco Costamagna <email address hidden>  Sat, 03 Aug 2019 10:20:31 +0200
  • clamav (0.101.2+dfsg-1ubuntu2) eoan; urgency=medium

  * Rebuild against new libjson-c4.

 -- Gianfranco Costamagna <email address hidden>  Sat, 29 Jun 2019 13:48:24 +0200
  • clamav (0.101.2+dfsg-1ubuntu1) eoan; urgency=medium

  * Sync with Debian. Remaining change:
    - clamav-daemon may fail to start due to options removed in new version
      and manually edited configuration file. (LP #1783632)
      + debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
        add patch from Debian stretch to simply warn about removed options.

clamav (0.101.2+dfsg-1) unstable; urgency=high

  * Import 0.101.2
   - CVE-2019-1787 (An out-of-bounds heap read condition may occur when
     scanning PDF documents)
   - CVE-2019-1789 (An out-of-bounds heap read condition may occur when
     scanning PE files)
   - CVE-2019-1788 (An out-of-bounds heap write condition may occur when
     scanning OLE2 files)
   - CVE-2019-1786 (An out-of-bounds heap read condition may occur when
     scanning malformed PDF documents)
   - CVE-2019-1785 (A path-traversal write condition may occur as a result of
     improper input validation when scanning RAR archives)
   - CVE-2019-1798 (A use-after-free condition may occur as a result of
     improper error handling when scanning nested RAR archives)
   - update symbols file
   - Remove DetectBrokenExecutables option from clamd template, it is
     deprecated.
  * Drop the dbgsym migration line.
  * Bump standards-version to 4.3.0 without further change

clamav (0.101.1+dfsg-3) unstable; urgency=medium

  * Upload to unstable.

clamav (0.101.1+dfsg-2) experimental; urgency=medium

  [ Scott Kitterman ]
  * Add information to README.Debian on configuring clamav-milter's socket to
    work with postfix

  [ Sebastian Andrzej Siewior ]
  * debian/libclamav-dev.install: also install clamav-types.h

clamav (0.101.1+dfsg-1) experimental; urgency=medium

  [ Scott Kitterman ]
  * Update debian/copyright
  * Add Build-Depends-Package to libclamav9.symbols
  * Update clamav-docs.doc-base for re-organized documentation
  * Add lintian override for source-is-missing on test file that happens
    to have long line length
  * Drop build-depends on electric-fence, upstream no longer ships the
    relevant tests that used it

  [ Sebastian Andrzej Siewior ]
  * Import 0.101.1
    - update symbol file
    - add back the json/curl configure options (don't rely on autodetect).
  * Add abstractions/openssl to apparmor's profile. Thanks to intrigeri for
    the help (Closes: #913020).
  * Load the apparmor profile before starting the daemon. Thanks to intrigeri
    for the help (Closes: #903834).
  * Add attach_disconnected to freshclam's apparmor profile to hopefully get
    it properly working in overlayfs enviroment. Thanks to Vincas Dargis
    (Closes: #917648).

clamav (0.101.0+dfsg-1) experimental; urgency=medium

  [ Scott Kitterman ]
  * Increase clamd socket command read timeout to 30 seconds (Closes: #915098)

  [ Sebastian Andrzej Siewior ]
  * Import new upstream release.
   - update symbol file.
   - add new options to the config file.
   - package libclamav9

 -- Marc Deslauriers <email address hidden>  Tue, 23 Apr 2019 11:40:41 -0400
  • clamav (0.100.3+dfsg-0ubuntu1) disco; urgency=medium

  * Updated to version 0.100.3 to fix security issues. (LP: #1822503)
    - debian/libclamav7.symbols: updated to new version.
    - CVE-2019-1787
    - CVE-2019-1788
    - CVE-2019-1789

 -- Marc Deslauriers <email address hidden>  Thu, 04 Apr 2019 08:19:16 -0400